QuickTime bug discovered.

Position:Security News and Products

Apple's QuickTime, the media software used to play music and movies on Mac OS X and Windows, has recently been update to version 7.5.5, but a serious bug has already been discovered that may be used as a vector for malicious attacks. The " quicktime type=?>" tag fails to handle long strings, which can lead to a heap overflow in QuickTime Player, iTunes, or any other program that attempts to display media using a QuickTime plug-in. This can be a browser, such as Apple's Safari, Microsoft Internet Explorer or Mozilla Firefox, or, on Mac OS X, could be any program that displays graphics or movies inline, such as Mail, or even the Finder if a user tries to view a file with Quick Look. For now, files which contain offending strings will crash programs attempting to display them, but malicious code could be added to such files, and may be executed with no user interaction, other than an attempt to view a file.

This bug...

To continue reading